Menu
I'm looking for a long time to a way to compile and run a custom Wireshark dissector, without needing to recompile the entire wireshark project. Many places on the Web, require developers to write their plugins and link to Wireshark.
However, I have found that some people were able to write the dissector and make it run using the plugin system from Wireshark, whose paths are found in Wireshark Help/About section.
Despite these people showing success writing dissectors in Lua and in C++, I have tried many tutorials, but I'm really lost.
Could someone help me with the steps to make a very simple Wireshark dissector on Ubuntu 16.04 64bit?
510
There are three ways to write a custom dissector for Wireshark:
Several years ago, I needed to write a dissector for a custom protocol my company uses. I compared the three options and learned a bit about them. C++ is the fastest execution but most difficult to learn and use. Lua and WSGD are about the same in execution speed. Lua dissector is built-in to Wireshark, however, I found that it is more difficult to learn because you need to learn a language (Lua) and then how to write dissectors in the language. WSGD is a language designed specially for writing dissectors. It is more like a structure definition that a flow-control language. The WSGD website has documentation and examples. It is hard to find documentation and examples for Lua and how writing dissectors in it.
In 2015 Graham Bioice presented "Writing a Wireshark Dissector Using WSGD, Lua and C" at Sharkfest. It's a very through presentation on the topic, although it was too late to help me. You can get the slide deck and see the presentation at:
For the reasons I listed above, I choose WSGD. I have written several thousand lines to create dissectors for three custom protocols in WSGD. I highly recommend it. The WSGD website is http://wsgd.free.fr
92
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
